diff options
author | Lennart Poettering <lennart@poettering.net> | 2012-08-16 01:59:25 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-08-16 17:10:57 +0200 |
commit | f59a5f6b873d8bf994e2d85671f2554b9fdd62db (patch) | |
tree | 377a7a41d14da7b3e6c7988c65ae602f940a8dfd | |
parent | 0284adc6a60ce0af1107cb0b50041a65d731f39e (diff) |
journal: verify hashes only during actual verification, not all the time
-rw-r--r-- | src/journal/journal-file.c | 20 | ||||
-rw-r--r-- | src/journal/journal-verify.c | 39 |
2 files changed, 29 insertions, 30 deletions
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c index ff439f2474..efa0910780 100644 --- a/src/journal/journal-file.c +++ b/src/journal/journal-file.c @@ -319,23 +319,6 @@ static int journal_file_move_to(JournalFile *f, int context, uint64_t offset, ui return mmap_cache_get(f->mmap, f->fd, f->prot, context, offset, size, ret); } -static bool verify_hash(Object *o) { - uint64_t h1, h2; - - assert(o); - - if (o->object.type == OBJECT_DATA && !(o->object.flags & OBJECT_COMPRESSED)) { - h1 = le64toh(o->data.hash); - h2 = hash64(o->data.payload, le64toh(o->object.size) - offsetof(Object, data.payload)); - } else if (o->object.type == OBJECT_FIELD) { - h1 = le64toh(o->field.hash); - h2 = hash64(o->field.payload, le64toh(o->object.size) - offsetof(Object, field.payload)); - } else - return true; - - return h1 == h2; -} - static uint64_t minimum_header_size(Object *o) { static uint64_t table[] = { @@ -394,9 +377,6 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec o = (Object*) t; } - if (!verify_hash(o)) - return -EBADMSG; - *ret = o; return 0; } diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c index f3182e876e..9318f3df8b 100644 --- a/src/journal/journal-verify.c +++ b/src/journal/journal-verify.c @@ -29,6 +29,16 @@ #include "journal-file.h" #include "journal-authenticate.h" #include "journal-verify.h" +#include "lookup3.h" + +/* FIXME: + * + * - verify hashes of compressed objects + * - follow all chains + * - check for unreferenced objects + * - verify FSPRG + * + * */ static int journal_file_object_verify(JournalFile *f, Object *o) { assert(f); @@ -38,7 +48,12 @@ static int journal_file_object_verify(JournalFile *f, Object *o) { * possible field values. It does not follow any references to * other objects. */ + if ((o->object.flags & OBJECT_COMPRESSED) && + o->object.type != OBJECT_DATA) + return -EBADMSG; + switch (o->object.type) { + case OBJECT_DATA: if (le64toh(o->data.entry_offset) <= 0 || le64toh(o->data.n_entries) <= 0) @@ -46,6 +61,17 @@ static int journal_file_object_verify(JournalFile *f, Object *o) { if (le64toh(o->object.size) - offsetof(DataObject, payload) <= 0) return -EBADMSG; + + if (!(o->object.flags & OBJECT_COMPRESSED)) { + uint64_t h1, h2; + + h1 = le64toh(o->data.hash); + h2 = hash64(o->data.payload, le64toh(o->object.size) - offsetof(Object, data.payload)); + + if (h1 != h2) + return -EBADMSG; + } + break; case OBJECT_FIELD: @@ -251,12 +277,6 @@ int journal_file_verify(JournalFile *f, const char *key) { goto fail; } - r = journal_file_hmac_put_object(f, -1, p); - if (r < 0) { - log_error("Failed to calculate HMAC at %llu", (unsigned long long) p); - goto fail; - } - if (o->object.flags & OBJECT_COMPRESSED && !(le32toh(f->header->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED)) { log_error("Compressed object without compression at %llu", (unsigned long long) p); @@ -264,10 +284,9 @@ int journal_file_verify(JournalFile *f, const char *key) { goto fail; } - if (o->object.flags & OBJECT_COMPRESSED && - o->object.type != OBJECT_DATA) { - log_error("Compressed non-data object at %llu", (unsigned long long) p); - r = -EBADMSG; + r = journal_file_hmac_put_object(f, -1, p); + if (r < 0) { + log_error("Failed to calculate HMAC at %llu", (unsigned long long) p); goto fail; } |